Sensors everywhere could mean privacy nowhere, expert says

September 16, 2014

The risks and benefits of the Internet of Things will be the subject of a lecture by Purdue computer science professor Eugene Spafford at the upcoming Dawn or Doom conference. The conference, which will examine the role of several rapidly expanding technologies in society, will be Thursday (Sept. 18) and is free and open to the public. (Purdue University image) Download Photo

WEST LAFAYETTE, Ind. – Just as we are coming to grips with having less privacy in our lives thanks to the Internet, a new use of the technology is poised to present new questions about security and privacy - and create a new threat to society.

Eugene Spafford, professor of computer science at Purdue University and executive director of the Center for Education and Research in Information Assurance and Security (CERIAS), says the so-called "Internet of Things" will see small microprocessors and sensors placed seemingly everywhere, and these devices will collect much data about us - often without our knowledge.

"Instead of a small number of scholars recording data, we will soon have millions and soon billions of tireless digital observers recording everything within reach, and storing it forever," Spafford says. "The benefit will be better decision making about many aspects of our lives, such as energy use, decisions about our health and financial decisions. The downside is that we give up a lot of our privacy, and, in fact, maybe all of it."

Ubiquitous Internet microprocessors will soon be in things we encounter every day. Spafford says examples are already appearing.

"We have the Nest thermostat, which does a better job of learning how we like to heat or cool our homes than previous thermostats, and we are beginning to see Internet-connected refrigerators, which can let us know when we need to buy groceries and pull together a shopping list for us," he says.

The problem is that consumers have little or no control about how the data collected will be used, or even knowledge about what data is being collected.

"We put ourselves in a position where we may be manipulated without our consent, and possibly without our knowledge, because connections may be drawn on this data that we don't understand or recognize even about ourselves," Spafford says. "For example the company that makes the Nest thermostat was purchased by Google. Now Google will know when I'm home, can determine how many people are in the house, and that information will be provided to other companies and government agencies. Is that a trade I'm willing to make? To what extent can I control that?"

Spafford will discuss security and privacy of "The Internet of Things" in a lecture titled "Faster Than Our Understanding" at a conference at Purdue called Dawn or Doom: The New Technology Explosion.

The Dawn or Doom conference is being held Thursday (Sept. 18) on the Purdue West Lafayette campus and is free and open to the public.

Spafford says what is needed is consumer information equivalent to the drug information that is packaged with each medication.

"We need a notice of the level of some of these observations, and which of these observations should we be allowed to opt out of. There needs to be greater transparency about what is done with the information that's collected, the accuracy of the data and where it's going," he says.

A second concern with the Internet of Everything is that we may have already crossed a threshold where a large event that would cripple these devices would mean that our current civilization would come to an immediate stop.

"Our telephones wouldn't work, hospitals would not be able to do medical tests, at the university we wouldn't be able to post grades," Spafford says.

An occurrence of a massive solar flare, like the 1859 Carrington Event, could disable all of these devices.

"If something like that were to happen, the Amish would become the only people without a major life upheaval," Spafford says.